Google to block sign-ins from embedded browser frameworks to counter Man In The Middle phishing attacks

By Digit NewsDesk | Updated 22 Apr 2019
Google to block sign-ins from embedded browser frameworks to counter Man In The Middle phishing attacks
  • Google will block all sign-ins done via embedded browser frameworks.
  • This is being done to counter Man In The Middle phishing attacks.
  • The change will be implemented from June 2019.

After announcing a slew of security features for G-suite, the company is now introducing a new change that is aimed at curbing Man In The Middle (MITM) phishing attacks. Adding a layer of protection to user sign-ins, the company will block logins that are done via embedded browser frameworks starting June this year. Google says it becomes difficult to detect whether it is an authentic sign-in by a user or a MITM phishing attack when embedded browser framework or when another automation platform is being used for authentication. Therefore, to help enhance user safety, it will block any sign-ins that occur via embedded browser frameworks.  


The new feature will add to the existing countermeasures Google has set in place like Safe Browsing warnings, Gmail spam filters, and account sign-in challenges. One might have noticed a warning message showing up before visiting a dubious site or downloading an app that could be harmful. This is the Safe browsing feature that Google has in place to counter instances of malware or dubious scripts being installed on a user’s computer. Google could also soon add new features that disable sites from detecting users who are browsing in Incognito mode. 

While going Incognito while browsing the web takes care of cookies and some trackers, it is not a fool-proof method to remain anonymous online. some sites can detect when a user is browsing in incognito mode and track them to display subscription options or to register. However, Google is reportedly testing implementation of a Filesystem API flag in Chrome’s incognito mode with version 75 that is said to curb sites from following users who are in incognito mode. The API flag can be enabled by entering chrome://flags in the URL and finding the “Filesystem API in Incognito” flag. You can read more about this feature here

Digit NewsDesk
The guy who answered the question 'What are you doing?' with 'Nothing'.

Recent Questions

How to block android apps from running in backround?
Aug 25, 2014
Be the first one to post the comment
Post a New Comment
You must be signed in to post a comment